Microsoft KB Archive/161372

From BetaArchive Wiki
Knowledge Base


How to enable SMB signing in Windows NT

Article ID: 161372

Article Last Modified on 10/26/2007



APPLIES TO

  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Windows NT 4.0 Service Pack 3



This article was previously published under Q161372

Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry


SUMMARY

This article explains how to enable SMB signing.

MORE INFORMATION

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Windows NT 4.0 Service Pack 3 provides an updated version of the Server Message Block (SMB) authentication protocol, also known as the Common Internet File System (CIFS) file sharing protocol. For more information on SMB signing, please see the Windows NT 4.0 Service Pack 3 Readme.txt file.

Perform the following steps to configure SMB signing on a server:

  1. Run Registry Editor (Regedt32.exe).
  2. From the HKEY_LOCAL_MACHINE subtree, go to the following key:
    System\CurrentControlSet\Services\LanManServer\Paramete
  3. Click Add Value on the Edit menu.
  4. Add the following two values:

          Value Name: EnableSecuritySignature
          Data Type: REG_DWORD
          Data: 0 (disable), 1 (enable)
    
             NOTE: The default is 0 (disable)
    
          Name: RequireSecuritySignature
          Type: REG_DWORD
          Value: 0 (disable), 1 (enable)
    
             NOTE: The default is 0 (disable)
                            
  5. Click OK and then quit Registry Editor.
  6. Shut down and restart Windows NT.

Perform the following steps to configure SMB signing on a workstation:

  1. Run Registry Editor (Regedt32.exe).
  2. From the HKEY_LOCAL_MACHINE subtree, go to the following key:
    \System\CurrentControlSet\Services\Rdr\Paramete
  3. Click Add Value on the Edit menu.
  4. Add the following two values:

          Value Name: EnableSecuritySignature
          Data Type: REG_DWORD
          Data: 0 (disable), 1 (enable)
    
             NOTE: The default is 1 (enable)
    
          Name: RequireSecuritySignature
          Type: REG_DWORD
          Value: 0 (disable), 1 (enable)
    
             NOTE: The default is 0 (disable)
                            
  5. Click OK and then quit Registry Editor.
  6. Shut down and restart Windows NT.

Although the use of SMB signing causes slower network performance, we recommend its use in any environment where hostile network activity might occur. (SMB signing slows network performance from 10 to 15 percent, on average.) The performance decrease is caused by the requirement to digitally sign and verify each packet that is transmitted on the network.


Additional query words: 4.00 sp3

Keywords: kbproductlink kbenv kbhowto kbnetwork KB161372